Anthropic API Key Format (sk-ant-api03)
Every Anthropic API key starts with sk-ant-api03-. This is a quick breakdown of what each piece means, how to spot a valid key, and the difference between the two token types Anthropic issues (api03 vs oat01).
Anatomy of a key
sk-).api01 and api02 existed earlier; all current keys are api03.)
Total length is about 108 characters. The body is URL-safe so the key can travel in headers and query strings without escaping, but you should still treat it as a secret and pass it via the x-api-key header, not a URL parameter.
api03 vs oat01 — two token types
Anthropic actually issues two kinds of Bearer tokens. Both work against api.anthropic.com, but they bill different surfaces:
- sk-ant-api03-… — an API key from console.anthropic.com. Bills your Anthropic API account per token used. This is the path for production apps.
- sk-ant-oat01-… — an OAuth access token issued by the Claude CLI's claude setup-token command, tied to a Claude Pro or Max subscription. Bills against that subscription's quota — no per-token charge. Same interface; different billing.
Most third-party hosted-agent platforms only accept the api03 path. Tools that integrate deeply with Claude — Claude Code itself, VibeKit, a few others — also accept oat01 so Pro/Max subscribers can use what they're already paying for.
How to generate one
# For an API key (sk-ant-api03-…):
1. Sign in to console.anthropic.com
2. Settings → API Keys → "Create Key"
3. Name it after the tool you'll use it in (so you can revoke per-tool later)
4. Copy the key once — Anthropic does not show it again
5. Fund the account if it's new — $5+ in credit unlocks production traffic
# For a subscription token (sk-ant-oat01-…):
1. Install Claude CLI: npm i -g @anthropic-ai/claude-code
2. Run: claude setup-token
3. Open the URL it prints, log in to Claude Pro / Max
4. Paste the returned token back into the CLI
5. The token lasts about a year before re-auth is required
Validating a key locally
You can pattern-match the prefix in code without a network call:
function isAnthropicKey(s) {
  return /^sk-ant-(api03|oat01)-[A-Za-z0-9_-]{40,}$/.test(s);
}
To confirm it's actually live and has credit, hit a tiny /messages request:
curl -s https://api.anthropic.com/v1/messages \
  -H "x-api-key: $KEY" \
  -H "anthropic-version: 2023-06-01" \
  -H "content-type: application/json" \
  -d '{"model":"claude-sonnet-4-6","max_tokens":4,"messages":[{"role":"user","content":"hi"}]}'
A 200 with a small completion confirms the key works. A 401 means revoked or typoed. A 402 means out of credit. A 429 means rate-limited (still a valid key).
Using a key with a hosted AI agent
If you're trying to plug an Anthropic key into an agent so you can build apps without writing infrastructure code, VibeKit is BYOK-first: paste your sk-ant-api03- (or sk-ant-oat01-) into Profile → AI Provider → Anthropic, and the agent's next request runs through your Anthropic account. Charges go straight to Anthropic; VibeKit doesn't bill on top. Free tier is genuinely free with BYOK — no per-session markup, no token clipping.
Security hygiene
- One key per third-party tool. Easier to revoke a specific integration if something goes wrong.
- Watch per-key usage on the console. Sudden spikes are the first signal of a leaked or misconfigured key.
- Encrypt at rest, and hold the plaintext in memory only at request time. Any host that asks for the plaintext to be stored anywhere persistent isn't doing it right.
- Rotate when team members leave. Compromised keys are most often the result of internal-system exposure, not external attack.
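The prefix check from "Validating a key locally" and the exposure concern in the list above, taken a step further in an added example (not code from the original page or from Anthropic): diagnoseKey reports why a pasted credential would be rejected before any network call, and redactKeys scrubs keys from text headed for logs. The function names, problem labels and sample values are assumptions made for illustration.

```javascript
// Added example, not from the original page. All names below are hypothetical.
// Token shape follows the page: sk-ant-<type>-<URL-safe body>.
const KEY_SHAPE = /^sk-ant-(api0[1-3]|oat01)-([A-Za-z0-9_-]+)$/;
const KEY_IN_TEXT = /sk-ant-(api0[1-3]|oat01)-[A-Za-z0-9_-]{40,}/g;

// Explain why a pasted credential would be rejected, without calling the API.
// acceptOat: whether the receiving service takes oat01 subscription tokens.
function diagnoseKey(raw, { acceptOat = false } = {}) {
  if (typeof raw !== "string" || raw.trim() === "") {
    return { ok: false, type: null, problems: ["empty"] };
  }
  const problems = [];
  const key = raw.trim();
  if (key !== raw) problems.push("surrounding-whitespace"); // copy-paste residue
  const m = KEY_SHAPE.exec(key);
  if (!m) return { ok: false, type: null, problems: [...problems, "bad-format"] };
  const [, type, body] = m;
  if (type !== "api03" && type !== "oat01") problems.push("superseded-generation");
  if (type === "oat01" && !acceptOat) problems.push("oat01-not-accepted");
  if (body.length < 40) problems.push("body-too-short"); // same floor as the page's regex
  return { ok: problems.length === 0, type, problems };
}

// Scrub keys from text headed for logs or storage. Only the token type and the
// last 4 characters survive, so operators can still tell which key appeared.
function redactKeys(text) {
  const found = [];
  const clean = text.replace(KEY_IN_TEXT, (match, type) => {
    const tail = match.slice(-4);
    found.push({ type, tail });
    return `sk-ant-${type}-[REDACTED:${tail}]`;
  });
  return { clean, found };
}

// Constructed sample values: filler characters, not real credentials.
const SAMPLE_BODY = "A1b2C3d4E5f6G7h8J9k0".repeat(4) + "_-Zz";
const SAMPLE_API = "sk-ant-api03-" + SAMPLE_BODY;
const SAMPLE_OAT = "sk-ant-oat01-" + SAMPLE_BODY;
const SAMPLE_LOG = `POST /v1/messages x-api-key=${SAMPLE_API} status=401`;

console.log(diagnoseKey(SAMPLE_API + "\n")); // flags the trailing newline
console.log(diagnoseKey(SAMPLE_OAT));        // flags the token type
console.log(redactKeys(SAMPLE_LOG).clean);   // key body removed from the line
```

Run redactKeys on request and error text before it reaches a logger, and pass acceptOat: true only where the receiving service is known to take subscription tokens.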
FAQ
What does sk-ant-api03 mean?
It's the prefix Anthropic puts on production API keys. sk = secret key, ant = Anthropic, api03 = third generation of their API key format. Every current Anthropic API key starts with these 13 characters, followed by a long random base64url body.
What's the difference between sk-ant-api03 and sk-ant-oat01?
api03 is an API key — bills per token from your console.anthropic.com account. oat01 is an OAuth token from claude setup-token — bills against your Claude Pro or Max subscription quota. Same endpoint, different billing path.
How do I generate an Anthropic API key?
console.anthropic.com → Settings → API Keys → Create. Name it, copy it once, fund the account with credit if it's new. The console shows usage per-key, which is handy for tracking what each tool spends.
Can I use my Anthropic key with VibeKit?
Yes — VibeKit is BYOK-first. Paste either sk-ant-api03 or sk-ant-oat01 into Profile → AI Provider → Anthropic. AI requests go through your Anthropic account; VibeKit doesn't take a cut.
Why isn't my Anthropic key working?
Five common causes: key was rotated/revoked, account out of credit, rate-limited (429), trailing whitespace from copy-paste, or you're passing an oat01 subscription token to a service that only accepts api03. The curl snippet above will tell you which.